VYPR
Vendor

Comtrend

Products
9
CVEs
7
Across products
8
Status
Private

Products

9

Recent CVEs

7
  • CVE-2020-10173HigMar 5, 2020
    risk 0.66cvss 8.8epss 0.77

    Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.

  • CVE-2018-20388CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2019-25483HigMar 11, 2026
    risk 0.55cvss 8.4epss 0.00

    Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed…

  • CVE-2024-5785HigJun 10, 2024
    risk 0.52cvss 8.0epss 0.01

    Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability could allow an authenticated user to execute commands inside the router by making a POST request to the URL “/boaform/admin/formUserTracert”.

  • CVE-2024-5786MedJun 10, 2024
    risk 0.42cvss 6.5epss 0.00

    Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated.

  • CVE-2018-8062MedOct 23, 2020
    risk 0.35cvss 5.4epss 0.01

    A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.

  • CVE-2010-0470Feb 2, 2010
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend CT-507IT ADSL Router allows remote attackers to inject arbitrary web script or HTML via the srvName parameter.